Using Key and Trust Store Passwords in Keytool
Use the Java keytool command to manipulate key and trust stores.
To manipulate key and trust store passwords in keytool, use both passwords.
Passwords saved in the Hadoop Credential Provider stores cannot be retrieved by using
command-line utilities. They can only be retrieved from within Java applications.
Running the configure.sh utility with the -genkeys option creates the ${MAPR_HOME}/conf/store-passwords.txt file containing the clear-text key and trust store passwords. You need these passwords if you want to manipulate the key and trust stores using the Java keytool utility. It is a best practice to copy the ${MAPR_HOME}/conf/store-passwords.txt file to a safe place, and then delete it from the ${MAPR_HOME}/conf directory.
Each line of the ${MAPR_HOME}/conf/store-passwords.txt file contains the password in the following syntax:
password-property=password-value
password-property is the value of the password property in ssl-server.xml and ssl-client.xml. The password-value is the clear-text password. For example:
# cat /opt/mapr/conf/store-passwords.txt
ssl.server.keystore.password=AxWJOT4K_Arc2apgcypzZps_hr5lyYNQ
ssl.server.keystore.keypassword=AxWJOT4K_Arc2apgcypzZps_hr5lyYNQ
ssl.server.truststore.password=4i0upzuDDUpvwpxb9_417gmfH0kvlB1w
ssl.client.truststore.password=4i0upzuDDUpvwpxb9_417gmfH0kvlB1w
ssl.client.keystore.password=AxWJOT4K_Arc2apgcypzZps_hr5lyYNQ
ssl.client.keystore.keypassword=AxWJOT4K_Arc2apgcypzZps_hr5lyYNQ
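
The following shell functions are an added example, not part of the original page or the product's own tooling. They parse the password-property=password-value format, move the file to a safe directory with owner-only permissions, and pass a password to keytool through the -storepass:env modifier so that it does not appear in the process argument list. The function names, the STOREPASS variable, and the keystore and directory paths passed as arguments are assumptions.

```shell
#!/bin/sh
# Added example. Function names and the STOREPASS variable are hypothetical.

# Print the clear-text value of one password-property from a file in
# password-property=password-value format. Returns 1 if the property is absent.
get_store_password() {
    file=$1 prop=$2
    # Split on the first '=' only, so a value that contains '=' is kept whole.
    # The key must match exactly (keystore.password != keystore.keypassword).
    awk -v key="$prop" '
        { i = index($0, "=") }
        i > 0 && substr($0, 1, i - 1) == key { print substr($0, i + 1); found = 1; exit }
        END { exit !found }
    ' "$file"
}

# Copy the passwords file to a safe directory with owner-only permissions,
# verify the copy byte for byte, then delete the original.
stash_store_passwords() {
    src=$1 safe_dir=$2
    dest="$safe_dir/store-passwords.txt"
    ( umask 077 && mkdir -p "$safe_dir" && cp "$src" "$dest" ) || return 1
    chmod 600 "$dest" || return 1
    cmp -s "$src" "$dest" || return 1
    rm -f "$src"
}

# List a key or trust store. keytool reads the password from the environment
# variable named after -storepass:env, which keeps it out of argv and `ps`.
list_store() {
    store=$1 pw_file=$2 prop=$3
    STOREPASS=$(get_store_password "$pw_file" "$prop") || return 1
    STOREPASS="$STOREPASS" keytool -list -keystore "$store" -storepass:env STOREPASS
}

# Example call (all three arguments are placeholders):
#   list_store /path/to/keystore /safe/dir/store-passwords.txt ssl.server.keystore.password
```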